Privacy policy
Last updated: 2026-05-02
Who we are
RiskMap is operated by [REVIEW: insert legal entity, registered address, contact email] ("we", "our"). For privacy matters contact privacy@formatgreen.com.
What we collect
- Account data: your email address and (optionally) your display name, supplied when you sign up or are invited.
- Authentication data: a server-side session token (held by our identity provider, SuperTokens) and a strictly-necessary HttpOnly cookie that proves your browser is logged in. These do not track you across sites.
- Saved properties: the addresses + coordinates you explicitly save in the app, plus any optional name/notes you add. Linked to your account; not shared with anyone else unless you assign them to a portfolio shared with your group.
- Operational logs: HTTP request metadata (path, method, response status, response time, your user id once logged in, and an internal trace id) for the purpose of debugging and abuse detection. Held for [REVIEW: 30 days] then rotated.
We do not use analytics or tracking cookies. We do not sell or rent personal data.
Why we collect it
Lawful basis under GDPR Art. 6: contractual necessity for everything in "What we collect" — without it the service cannot function. The only exception is operational logs, which rely on our legitimate interest in keeping the service secure and stable (Art. 6(1)(f)).
Where it lives
Riskmap runs on UpCloud data centres in Stockholm, Sweden (EU/EEA). Operational logs and metrics are forwarded to Grafana Cloud (EU region). Magic-link emails are sent through Brevo (EU). We do not transfer personal data outside the EU/EEA. [REVIEW: confirm Brevo region.]
Your rights
Under GDPR you can request access to, correction of, or deletion of your personal data; you can object to processing based on legitimate interest; and you can lodge a complaint with your national supervisory authority. Email privacy@formatgreen.com; we'll respond within 30 days.
Account deletion: log in, contact us via email; we'll erase your account record + saved properties within 14 days. Operational logs that mention you (by user id) age out within the retention window above.
Cookies
Three strictly-necessary cookies. No analytics, no third-party trackers.
riskmap_at— HttpOnly session token, lifetime 1 hour. Deleting it logs you out.riskmap_at_js— JavaScript-readable mirror of the same session token. Same lifetime, same scope, used by the frontend client to attach an auth header on outbound API calls.rm_locale— your language choice (enorsv) so server-side rendering picks the right dictionary on the next page load.
Changes
Material changes to this policy bump the "Last updated" date.